Data Privacy Conference

Data Privacy Conference

On building privacy in engineering and product processes.

Make a submission

Accepting submissions till 18 Oct 2021, 01:20 PM

The first edition of the Data Privacy Conference was held between 23 and 29 April 2021.

The conference featured talks and discussions around:

  1. Processes for doing compliance and building privacy features in large and growing organizations.
  2. Case studies of compliance, mainly GDPR and related practices of data anonymization and data deletion.
  3. Using technology to handle processes for handling Personally Identifiable Information (PII); evaluation of developer tools that organizations use for governing access to PII and sensitive data - and whether to build, rent or buy these.
  4. End-to-end encryption - technology and policy debates; practical applications.
  5. Privacy preserving practices in consumer technology - netbanking and Android and mobile.
  6. Cloud security practices; multi-geography compliance with cloud.

Speakers from LinkedIn, Whatsapp, Hotstar, Mozilla, Zerodha, ThoughtWorks, Appsecco, Gojek and other organizations shared their experiences, and demonstrated how the combination of ‘intent, process, resources and technology’ come together to help companies build privacy-respecting products.

Watch the talks on https://hasgeek.com/rootconf/data-privacy-conference/videos

Participants in the conference included:

  1. SRE, DevSecOps and DevOps teams working with legal and compliance teams to heavy-lift operations around privacy and compliance.
  2. Product managers building secure and compliant systems.
  3. Business and engineering heads of organizations which deal with large volumes of consumer data on a regular basis.
  4. Representatives early to mid-stage fintech companies which are evolving systems to handle petabytes of data securely in compliance with larger governance laws.
  5. Consultants working on cloud and security; pricacy and compliance.

Contact information: Join the Rootconf Telegram group on https://t.me/rootconf or follow @rootconf on Twitter.
For inquiries, contact Rootconf on rootconf.editorial@hasgeek.com or call 7676332020.

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more

Supported by

Zeta® is in the business of providing a full-stack, cloud-native, API first neo-banking platform including a digital core and a payment engine for issuance of credit, debit and prepaid products that enable legacy banks and new-age fintech institutions to launch modern retail and corporate fintech p… more

Promoted

We’re the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. As a hyperscale cloud service provider, AWS provides access to highly advanced computing tools on rent for startups and SMEs at affordable prices. We help t… more
Omidyar Network India invests in bold entrepreneurs who help create a meaningful life for every Indian, especially the hundreds of millions of Indians in low-income and lower-middle-income populations, ranging from the poorest among us to the existing middle class. To drive empowerment and social i… more
about.facebook.com/meta
Deep dives into privacy and security, and understanding needs of the Indian tech ecosystem through guides, research, collaboration, events and conferences. Sponsors: Privacy Mode’s programmes are sponsored by: more

Anwesha Sen

@anwesha25

Nadika N

Nadika N

@nadikanadja Editor

Summary of session: Birds of Feather (BOF) discussion on investors' views of privacy and security; proactive measures and compliance for existing and future investees

Submitted Oct 18, 2021

Date of event: April 24, 2021

Moderators: Subhashish Bhadra (ONI), Anand V (Hasgeek)
Discussants: Sharda Balaji (Novo Juris), Samuel Mani (Mani Chengappa Mathur), KK Mookhey (NII Consulting), Kailash Nadh (Zerodha)

Current scenario of cybersecurity in organisations

Companies have written down policies and procedures in case of data breaches. Securities and Exchange Board of India (SEBI) regulators provide clear guidelines. However, in most places cybersecurity is an afterthought. Individuals in leadership positions are mostly not technically aware about data security, and those who are aware do not have enough of a leadership position to implement necessary cybersecurity measures. Business considerations always seem to trump technical considerations.

What should be done to prevent data from being traded on the darknet?

Once your data is on the darknet, it’s out. There is nothing to be done there. The key is to be prepared. There are only two mitigations here: the financial aspect of cyber security, which is quite expensive, and the expertise in negotiating with people to get your data off the hit list. Keeping these in mind, one can take necessary precautions to prevent data breaches.

Questioning privacy risks before investing

Cybersecurity is more important for consumer-centric technologies than deep tech. Investors should ask more questions regarding cybersecurity so that the entrepreneur pays attention to it as well. Investors normally do a due diligence of the processes and policies in cybersecurity before they invest in a company. Investors also prefer companies with certifications like ISO 27001. Data security is necessary for everyone. Investors need to understand security as it is a key area today.

Are privacy and security only engineering problems?

Security is about securing your assets. Privacy is about how you use the data that you’ve collected. GDPR says that there is a public interest question about how data is collected, used, processed, etc. Security is one aspect of that. Privacy is the larger topic.

Do data breaches affect Indian companies?

There are rarely any repercussions or fines that are paid due to data breaches. Most of the time, organizations don’t even realise that a breach has occurred until an ethical hacker informs them that their data is available on the darknet. A lot of it doesn’t come out to the public.

Some organisations that have had major data breaches in the recent past include BigBasket, Air India, Domino’s Pizza, and BHIM payment apps. Personal data of millions of Indians such as their addresses, Aadhar card scans, caste certificates, and credit card and passport information was leaked and a lot of it was available on the darknet. While these organisations have taken some steps to prevent future breaches, as of now there has been little or no action taken against them.

Due diligence by investors

One needs to do reasonable diligence. There will never be complete diligence. Make sure that the checks are reasonably robust, and then you need to live with the risk. Breaches usually occur due to small, silly mistakes, such as a weak or a wrong link being clicked by someone in the organisation.
On the policy side of things, SEBI introduced a comprehensive 54-point cybersecurity guideline three years ago. But most vendors don’t even have the certifications mentioned in the guidelines yet. So, it is impossible to enforce all the policies that are there and this is something that investors need to accept until there is change.

Does a company need to share a customer’s data with the customer when asked for it?

There is no such law that forces the company to share data unless it is sensitive personal information.
GDPR is only applicable when there is a data breach at a company that is using data on European individuals, regardless of where the company is physically located. The same is true for other countries, based on their data protection laws. Unless a company is using European data at the product level, they do not have to comply with GDPR.

If the same data gets leaked multiple times, what effect does it have?

The price for the data on the data trade market goes down a lot. The accuracy too will reduce. The losses here are socialised and largely paid for by the people, which is not tracked.

Summary prepared by Anwesha Sen

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Make a submission

Accepting submissions till 18 Oct 2021, 01:20 PM

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more

Supported by

Zeta® is in the business of providing a full-stack, cloud-native, API first neo-banking platform including a digital core and a payment engine for issuance of credit, debit and prepaid products that enable legacy banks and new-age fintech institutions to launch modern retail and corporate fintech p… more

Promoted

We’re the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. As a hyperscale cloud service provider, AWS provides access to highly advanced computing tools on rent for startups and SMEs at affordable prices. We help t… more
Omidyar Network India invests in bold entrepreneurs who help create a meaningful life for every Indian, especially the hundreds of millions of Indians in low-income and lower-middle-income populations, ranging from the poorest among us to the existing middle class. To drive empowerment and social i… more
about.facebook.com/meta
Deep dives into privacy and security, and understanding needs of the Indian tech ecosystem through guides, research, collaboration, events and conferences. Sponsors: Privacy Mode’s programmes are sponsored by: more